Yes, DevSecOps is a buzzword, but it’s an important one! Security has an important part to play in application lifecycles and workflows. Learn how you can best integrate security into your existing pipelines.

Container security throughout the SDLC

Containers are increasingly becoming the standard unit of software. The container image, technically defined in the OCI image specification, is a key component of modern tooling, from Docker to Kubernetes to platforms like AWS Fargate and Google Cloud Run. What does this mean for application security? Where we use container images One of the interesting […]

October 16, 2019

The Secure Developer: talking DevSecOps in Azure with Microsoft’s Victoria Almazova

In February of this year, Snyk launched a new educational, vendor-neutral, and security-focused community, The Secure Developer. Snyk wants to help developers adopt a security mindset throughout their development process and The Secure Developer community is the place where you can do just that; a place to learn security best practices from experts in an […]

September 25, 2019

10 Java security best practices

In this cheat sheet edition, we’re going to focus on ten Java security best practices for both open source maintainers and developers. This cheat sheet is a collaboration between Brian Vermeer, Developer Advocate for Snyk and Jim Manico, Java Champion and founder of Manicode Security. We recommend you print out the cheat sheet and also […]

September 16, 2019

10 Eclipse plugins you shouldn’t code without

Developers primarily work from their favorite IDE (integrated development environment). For that reason, good IDE extensions and plugins are becoming more and more important. For this blog, I examined Eclipse IDE plugins and then narrowed it down to the top 10 most helpful plugins that I have added to my own toolkit. You can download […]

August 15, 2019

Snyk has acquired DevSecCon!

We are thrilled to announce that Snyk has acquired DevSecCon, the world’s premier conference dedicated to DevSecOps – getting developers and security working well together! Together, Snyk and the DevSecCon team, led by Francois Raynaud, will partner to maintain a vendor-neutral home dedicated to growing and strengthening the DevSecOps community with additional support and resources, including 9 global conferences in the remainder of 2019 and 2020.

July 24, 2019

New O’Reilly Book: Securing Open Source Libraries by Guy Podjarny

Snyk has partnered with O’Reilly to offer a new book

July 2, 2019

Best practices for secrets management in serverless applications

If you’re building a serverless application, chances are that your functions need to access secrets or other types of sensitive information that you’re storing, such as API keys, tokens, or passwords. However, managing these secrets properly may sometimes prove to be a difficult task. When users fail to adopt a key management service, these secrets, […]

June 13, 2019

8 Azure Repos Security Best Practices

In this cheat sheet we’ll cover how you can be more secure as an Azure Repos user or contributor. Some of it is specific to Azure Repos, but a lot of it is also useful for other Git and non-Git repositories as well. So let’s get started with our list of […]

May 6, 2019

Never store credentials as code/config in Azure Repos

Having team-wide rules that prevent credentials from being stored as code is a great way to police bad actions in the existing developer workflow. There are internal tools like Azure Key Vault

May 6, 2019

Remove sensitive data in your files and Azure Repos history

If you find sensitive data in your Azure Repos repository, you need to do a number of things to recover. First of all, you'll need to invalidate the tokens and passwords that were once public. Once a secret is public on the internet, you should assume it's in the hands of attackers and react accordingly.

May 6, 2019

Tightly control access to your Azure Repos

The following is a best practice guideline from our series of 8 Azure Repos security best practices. 3. Tightly control access to your Azure Repos. Here in the UK, when it gets really, really hot (read: mildly warm) us Brits tend to open all the windows in the house to make […]

May 6, 2019